<?php
// Direct-access guard: stop immediately unless BASEPATH is already defined
// (expected to be set by the CodeIgniter bootstrap before this file is loaded).
defined('BASEPATH') OR exit('No direct script access allowed');

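/**
 * Controller base class whose constructor loads the form/url/string helpers
 * and the form_validation library, then rewrites every $_POST and $_GET value
 * in place: first HTML-entity-encoded, then SQL-escaped.
 *
 * NOTE(review): this blanket input rewriting is not a complete defence and
 * should not be relied on as the only control:
 *  - Only $_POST and $_GET values are touched. Array keys, $_COOKIE,
 *    $_REQUEST, $_SERVER, $_FILES and the raw request body are left as sent.
 *  - htmlentities() is called with PHP's default flags; before PHP 8.1 the
 *    default (ENT_COMPAT) does not encode single quotes, so values placed in
 *    single-quoted HTML attributes or in JavaScript are not made safe.
 *    Encode at output time for the specific context instead.
 *  - Values are SQL-escaped once here. Code that also passes them through
 *    query bindings or the query builder will store the escape backslashes
 *    literally; code that uses them unquoted (numeric context, identifiers,
 *    ORDER BY) is not protected by escape_str() at all. Prefer bound
 *    parameters at the query site.
 *
 * @author vitalify
 */
class PrivateController extends CI_Controller {
	// Not read or written anywhere in this class; presumably populated by
	// subclasses -- TODO confirm.
	public $components = NULL;

	/**
	 * Boots the parent controller, loads shared helpers/libraries and
	 * rewrites the request input before any subclass code runs.
	 */
	public function  __construct() {
		parent::__construct();

		// Helpers and libraries used by the controllers built on this class.
		$this->load->helper(array('form', 'url', 'string'));
		$this->load->library(array("form_validation"));

		// Order matters: values are entity-encoded first, then SQL-escaped.
		$this->clearXss();
		$this->clearSqlInjection();
	}

	/**
	 * Trims and HTML-entity-encodes every value in $_POST and $_GET.
	 *
	 * Nested array parameters (e.g. "ids[]=1") are walked recursively; the
	 * previous implementation passed them straight to trim(), which fails on
	 * arrays and let any client break every request to this controller.
	 *
	 * @author DatDM
	 * @return void
	 */
	private function clearXss() {
		foreach ($_POST AS $k => $v) {
			$_POST[$k] = $this->filterInputValue($v, 'htmlentities');
		}
		foreach ($_GET AS $k => $v) {
			$_GET[$k] = $this->filterInputValue($v, 'htmlentities');
		}
	}

	/**
	 * Connects to the ACTIVE_GROUP database and passes every trimmed value in
	 * $_POST and $_GET through the driver's escape_str().
	 *
	 * Nested array parameters are walked recursively (see clearXss()).
	 *
	 * @author DatDM
	 * @return void
	 */
	private function clearSqlInjection() {
		// The database connection is needed because escape_str() is provided
		// by the loaded driver.
		$this->load->database(ACTIVE_GROUP);

		$escape = array($this->db, 'escape_str');
		foreach ($_POST AS $k => $v) {
			$_POST[$k] = $this->filterInputValue($v, $escape);
		}
		foreach ($_GET AS $k => $v) {
			$_GET[$k] = $this->filterInputValue($v, $escape);
		}
	}

	/**
	 * Applies trim() followed by $filter to a request value, descending into
	 * arrays so that only string leaves are ever handed to trim().
	 *
	 * Array keys are preserved unchanged and are not filtered.
	 *
	 * @param mixed    $value  A string, or a (possibly nested) array of strings.
	 * @param callable $filter Callback receiving the trimmed string.
	 * @return mixed The filtered string, or an array of the same shape.
	 */
	private function filterInputValue($value, $filter) {
		if (is_array($value)) {
			foreach ($value as $key => $item) {
				$value[$key] = $this->filterInputValue($item, $filter);
			}
			return $value;
		}

		return call_user_func($filter, trim($value));
	}

}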